#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; gzip on; gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/json text/xml application/xml+rss image/jpeg image/gif image/png; gzip_disable "MSIE [1-6].(?!.*SV1)"; gzip_comp_level 9; gzip_min_length 10k; # 大於這個 size 才壓縮,也可以寫 1000 gzip_buffers 4 32k; gzip_vary on; #server { # listen 80; # server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; # location / { # root html; # index index.html index.htm; # } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # root html; # } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} #} # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} server { listen 80 default_server; listen [::]:80 default_server; server_name mysite.idv.tw; return 301 https://$server_name$request_uri; } server { listen 443 ssl default_server; listen [::]:443 ssl default_server; ssl_certificate /etc/nginx/ssl/demo/mysite.idv.tw.bundle.crt; ssl_certificate_key /etc/nginx/ssl/demo/mysite.idv.tw.key; #ssl_dhparam /etc/nginx/ssl/demo/dhparams.pem; ssl_session_cache shared:SSL:9m; ssl_session_cache shared:ssl_session_cache:10m; ssl_session_timeout 5m; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; ssl_stapling on; ssl_stapling_verify on; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; location ~ /\.ht { deny all; } } }
Jeff Chang's Blog
My own space
Mar 13, 2019
NGINX SSL/設定檔案
Jul 31, 2018
HTTP Server、SSL 操作與設定
Part 1: 自建 private key, 建立 CSR 申請第三方憑證
#private key, need password(keep it)
openssl genrsa -des3 -out private.key 2048
# certificate signing request (CSR)
openssl req -new -key private.key -out domaincsr.csr
#產生如下列問題:
Country Name (2 letter code) [XX]:TW => 填寫國名(兩碼),填完後按下enter
State or Province Name (full name) []:Taiwan =>填寫州或郡,填完後按下enter
Locality Name (eg, city) [Default City]:Taipei =>填寫城市名稱,填完後按下enter
Organization Name (eg, company) [Default Company Ltd]:MyCompany Inc =>填寫公司名稱,填完後按下enter
Organizational Unit Name (eg, section) []:IT Dept =>填寫部門名稱,填完後按下enter
Common Name (eg, your name or your server's hostname) []:www.mydomain.com =>填寫保護網域名稱,填完後按下enter
Email Address []: demo@mydomain.com=>填寫電子郵件地址(可不填),填完後按下enter
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []: =>請留空白,按下enter
An optional company name []: =>填寫公司名稱(可不填),填完後按下enter
#利用 domaincsr.csr 申請第三方憑證
refrence url:
1. https://blog.longwin.com.tw/2014/08/apache2-ssl-create-build-setup-2014/
2. https://slproweb.com/products/Win32OpenSSL.html
3. http://wiki.gandi.net/zh-tw/ssl/dcv
Part 2: 申請到憑證之後下載憑證串鏈
至少包含 2 張憑證,分別是
1. 中繼憑證 (第三方單位會提供 or 直接下載)
ex: GandiStandardSSLCA2.pem
2. 第三方單位發下來的憑證 (第三方單位會提供 or 直接下載)
ex: mydomain.crt
Part 3: 製作 HTTP Server 憑證串
#產製沒有加密過的 private key
openssl rsa -in private.key -out server_no_pwd.key
#產製包含 key 和 第三方憑證 PEM 檔案
cat server_no_pwd.key > server.key
cat GandiStandardSSLCA2.pem mydomain.crt > server.pem
Part 4: 確認共有三個檔案內容:
1. 自行產生的 private key: server.key
2. 串聯的憑證: server.pem
3. 第三方認證公司發行的憑證: mydomain.crt
於 Apache2 的設定範例
ServerAdmin admin@mydomain.com.tw
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/html/gandi_key/server.pem
SSLCertificateKeyFile /var/www/html/gandi_key/server.key
SSLCertificateChainFile /var/www/html/gandi_key/mydomain.crt
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
於 Ngnix 的設定範例
# HTTPS server
server {
listen 443 ssl;
server_name mydomain.com.tw;
access_log C://data//BackendService//logs//access_log.log;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /ngnix/gandi_key/server.pem
ssl_certificate_key /ngnix/gandi_key/server.key
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
ssl_trusted_certificate /ngnix/gandi_key/mydomain.crt
location / {
proxy_pass http://127.0.0.1:4001/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Aug 26, 2014
Installing Tomcat 7 + Postgres 9.3 on Amazon Linux
-------------------------------------------------------------------------------------------------------
Tomcat Part
-------------------------------------------------------------------------------------------------------
#install tomcat7
sudo yum install tomcat7-webapps tomcat7-docs-webapp tomcat7-admin-webapps
#auto startup
sudo chkconfig tomcat7 on
#redirect port
sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo /sbin/service iptables save
-------------------------------------------------------------------------------------------------------
Postgres Part
-------------------------------------------------------------------------------------------------------
Install from rpm/yum from postgres repo
In the files
/etc/yum.repos.d/amzn-main.repo
and
/etc/yum.repos.d/amzn-updates.repo add the following in the
block [amzn-main]:
///////////////////////////////////////
exclude=postgresql*
///////////////////////////////////////
Then, install the repo rpm and run yum
# Change to home directory to download the software
cd ~/
# Get the right postgresql package (Redhat 64 Bit)
wget http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/pgdg-redhat93-9.3-1.noarch.rpm
# Install the package
sudo rpm -ivh pgdg-redhat93-9.3-1.noarch.rpm
sudo yum install postgresql93 postgresql93-server postgresql93-devel
# Check that the service is installed
sudo service postgresql-9.3 status
# should return "is stopped"# init the DB
sudo service postgresql-9.3 initdb
# Start the DB
sudo service postgresql-9.3 start
# connect
sudo su - postgres
psql
# auto startup
sudo chkconfig postgresql-9.3 on
source
Jul 12, 2014
Big Data Books
- An Introduction to Statistical Learning with Applications in R
- The Elements of Statistical Learning
- A Programmer’s Guide to Data Mining
- Probabilistic Programming & Bayesian Methods for Hackers
- Think Bayes, Bayesian Statistics Made Simple
- Data Mining and Analysis, Fundamental Concepts and Algorithms
- An Introduction to Data Science
- Machine Learning
- Machine Learning – The Complete Guide
- Bayesian Reasoning and Machine Learning
- A Course in Machine Learning
- Information Theory, Inference and Learning Algorithms
原文出處:資料科學實驗室
Jul 11, 2014
Automatically Retry Failed Jobs in Quartz
Source: Automatically Retry Failed Jobs in Quartz
Retrying continuously until success:
If you want to keep trying over and over again until the job succeeds, all you have to do is throw a JobExecutionException with a flag to tell the scheduler to fire it again when it fails. The following code shows how:
class MyJob implements Job {
public MyJob() {
}
public void execute(JobExecutionContext context)
throws JobExecutionException {
try{
//do something
}
catch(Exception e){
Thread.sleep(10000); //sleep for 10 secs
JobExecutionException e2 = new JobExecutionException(e);
//fire it again
e2.refireImmediately();
throw e2;
}
}
}
Retrying n times:
It gets a bit more complicated if you want to retry a certain number of times only. You have to use a StatefulJob and hold a retryCounter in its JobDataMap, which you increment if the job fails. If the counter exceeds the maximum number of retries, then you can disable the job if you wish.
class MyJob implements StatefulJob {
public MyJob() {
}
public void execute(JobExecutionContext context)
throws JobExecutionException {
JobDataMap dataMap = context.getJobDetail().getJobDataMap();
int count = dataMap.getIntValue("count");
// allow 5 retries
if(count >= 5){
JobExecutionException e = new JobExecutionException("Retries exceeded");
//unschedule it so that it doesn't run again
e.setUnscheduleAllTriggers(true);
throw e;
}
try{
//do something
//reset counter back to 0
dataMap.putAsString("count", 0);
}
catch(Exception e){
count++;
dataMap.putAsString("count", count);
JobExecutionException e2 = new JobExecutionException(e);
Thread.sleep(10000); //sleep for 10 secs
//fire it again
e2.refireImmediately();
throw e2;
}
}
}
May 3, 2014
Admob廣告收入
Admob廣告收入構成
收入=廣告展示量/1,000 * 千次展示收入
千次展示收入=點擊率 * 廣告單價
廣告單價,台灣大概0.1 USD,各國不一定
假設一個月
廣告展示量=100,000 次
點擊率 = (0.1%) 0.001
廣告收入=100000/1000*0.001*0.1=0.01USD
但是其他報告是說,
行動裝置平均每次點擊約有0.01 USD,一般網頁平均每次點擊約有0.1 USD
這報告告訴大家,錢真的不好賺啊 QQ
Subscribe to:
Posts (Atom)